Intel Corp on Wednesday acknowledged a report that a design flaw in its chips could let hackers steal data but said that it was working on a solution that would not significantly slow computers.

On Tuesday, tech publication The Register reported the flaw in Intel microprocessors required updates to computer operating systems, adding that the fix causes the chips to operate more slowly.

Intel said the problem was broader than its chips alone and that it was working with Advanced Micro Devices Inc, ARM Holdings and others to fix the problem.

Intel also denied that the patches would bog down computers based on Intel chips.

The defect affects the so-called kernel memory on Intel processor chips manufactured over the past decade. programmers for the Linux open-source operating system were working to overhaul the affected memory areas, while Microsoft Corp was expected to issue a Windows patch next Tuesday after circulating test fixes towards the end of 2017.

WHAT CAN YOU DO?

At the moment, there is nothing users can do to address the security flaw.

Programmers for the Linux open-source operating system are reportedly working to overhaul the affected memory areas.

Microsoft Corp is expected to issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today.

The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won’t automatically be updated through Windows Update until next Tuesday.

Windows 10 will be automatically updated today.

Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated.

Intel said: 'Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available.

'Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied. '

'Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect,' Intel said.

'Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

'Intel has begun providing software and firmware updates to mitigate these exploits,' Intel said in a statement.

'Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.'

ARM spokesman Phil Hughes confirmed that ARM was working with AMD and Intel to fix a security hole found by researchers but said it was 'not an architectural flaw' and that patches had already been shared with the companies' partners, which include most smartphone manufacturers.

'This method only works if a certain type of malicious code is already running on a device and could at worst result in small pieces of data being accessed from privileged memory,' Hughes said in an email.

AMD chips are also affected by variants of a security flaw also discovered in Intel chips, a person familiar with the matter told Reuters.

The earlier report in The Register suggested that AMD chips were not affected, which appeared to boost shares.

The defect affects the so-called kernel memory on Intel x86 processor chips manufactured over the past decade, The Register reported citing unnamed programmers, allowing users of normal applications to discern the layout or content of protected areas on the chips.

That could make it possible for hackers to exploit other security bugs or, worse, expose secure information such as passwords, thus compromising individual computers or even entire server networks.

Share this article

Share

40 shares

Intel chips up close: The Register said programmers for the Linux open-source operating system were working to overhaul the affected memory areas, while Microsoft Corp was expected to issue a Windows patch next Tuesday after circulating test fixes towards the end of 2017.

Shares in Intel were down by 3.4 percent following the report while shares in AMD jumped 5.1 percent.

The Register said programmers working on the Linux open-source operating system were overhauling the affected memory areas, while Microsoft Corp was expected to issue a Windows patch next Tuesday.

'Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products,' The Register wrote .

'The effects are being benchmarked, however we are looking at a ballpark figure of a five to 30 percent slowdown, depending on the task and the processor model.'

Microsoft declined to comment.

It was not immediately clear whether Intel would face any significant financial liability arising from the reported flaw.

'The current Intel problem, if true, would likely not require CPU replacement in our opinion. However the situation is fluid,' Hans Mosesmann of Rosenblatt Securities in New York said in a note, adding it could hurt the company's reputation.

WHAT IS KERNEL MEMORY?

Kernel memory is part of the kernel layer, the central module of an operating system like Windows or Mac OS.

This is the part of the operating system that loads first and starts up core processes and tasks required to run your computer.

Kernel memory remains in a protected area of the system's main physical and virtual memory, which is made up of RAM chips and specially allocated areas of your hard drive.

While other parts of the main memory may be overwritten, kernel memory is allocated to perform important system processes like disk, memory, process and task management, as well as for communication between hardware components and devices.

As such, it contains sensitive information which is off limits to the the rest of the system, to protect any unwanted errors from occurring within the OS.

The bug is likely to affect major cloud computing platforms such as Amazon.com Inc's EC2, Microsoft Azure and Alphabet Inc's Compute Engine, according to one software blogger cited by The Register.

Microsoft Azure is due to undergo a maintenance reboot on Jan. 10 while Amazon Web Services has also advised customers via email to expect a major security update Friday.

The Register also said that similar operating systems, such as Apple Inc's 64-bit macOS operating system, would need to be updated.

The Linux patches are based on work by researchers from the Graz University of Technology in Austria who came up with a way to split kernel and user memory spaces to eliminate the security vulnerability.